1. We at Clwydian Sports Therapy take your privacy seriously. This policy covers the collection, processing and other use of personal data under the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulations (“GDPR”).
2. For the purpose of the DPA and GDPR we are the data controller and any enquiry regarding the collection or processing of your data should be addressed to Rebecca Partridge-Smith at Clwydian Sports Therapy, Andermatt, Cefn Bychan Road, Pantymwyn, Mold, CH7 5EN. Alternatively, you can email your enquiry to email@example.com.
Information we collect
3. We will collect personal data directly provided to us by you, e.g. your name, e-mail address, home or work address and telephone number, and past medical history. This has been provided to us by you, therefore, with your consent.
4. Some treatments should not be performed under certain medical conditions, therefore, the information you provide to us should include all known medical conditions and all questions should be answered honestly. It is your responsibility to keep the therapist updated as to any changes in your medical profile and there shall be no liability on the therapist’s part should you fail to do so.
5. Your payment information provided when you make a purchase through credit/debit card is not received or stored by us. That information is processed securely and privately by the third-party payment processors that we use. Clwydian Sports Therapy will not have access to that information at any time. We may share your personal data with our payment processors, but only for the purpose of completing the relevant payment transaction. Such payment processors are banned from using your personal data, except to provide these necessary payment services to us, and they are required to maintain the confidentiality of your personal data and payment information.
Use of your information
6. We may hold and process personal data that you provide to us in accordance with the DPA and GDPR. The information that we collect and store relating to you is primarily used to enable us to provide our services/advise to you.
7. In addition, we may use the information for the following purposes:
To notify you about any changes to our services, such as improvements or service/product changes, that may affect our service. We may contact you, where you have consented, to receive our e-newsletter from time to time.
Disclosure of your information
8. We may disclose your information to regulatory bodies to enable us to comply with the law and to assist fraud protection.
9. Please be assured that we do not reveal any information about identifiable individuals to our advertisers.
Controlling the use of your data
10. If you have given us consent to use your data for a particular purpose you can revoke or vary that consent at any time. If you do not want us to use your data or you wish to vary the consent that you have provided you can write to us or email us using the information detailed in clause 2.
Where we store and transfer your data
11. As part of the services offered to you by Clwydian Sports Therapy, the information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA) as we use remote website server hosts to provide the our clinic management software, website and some other aspects of our service, which may be based outside of the EEA, or use servers based outside of the EEA - this is generally the nature of data stored in “the Cloud”. It may also be processed by staff operating outside the EEA who work for one of our suppliers, e.g. our website server host, or work for us when temporarily outside of the EEA.
12. We do not use or disclose sensitive personal data, such as race, religion, or medical history, without your explicit consent. Therefore, we will process, disclose or share your personal data only if required to do so by law or in the good faith belief that such action is necessary to comply with legal requirements. You have the right to opt out of us processing your personal data for marketing purposes by contacting us at firstname.lastname@example.org.
13. The transmission of information via the internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data, any such transmission is at your own risk. Once we have received any personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Third party links
15. You might find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
16. The DPA and GDPR give you the right to access information held about you by us at any point. Please write to us or contact us by email if you wish to request confirmation of what personal information we hold relating to you. You can write to us at the address detailed in clause 2, above, or by email to email@example.com. There is no charge for requesting that we provide you with details of the personal data that we hold. We will provide this information within one month of your requesting the data.
17. You have the right to change the permissions that you have given us in relation to how we may use your data. You also have the right to request that we cease using your data or that we delete all personal data records that we hold relating to you. You can exercise these rights at any time by contacting us using the information detailed in clause 2.
Changes to this policy
18. We may update these policies to reflect changes to our services. Please regularly review these policies to be informed of how we are protecting your personal data.